b'NOTE: Because this report assesses potential vulnerabilities in IT security, only a\nsummary of the report is posted.\n\n\nReport Title:                Audit of NARA\xe2\x80\x99s Network Perimeter\nReport Number:               06-01\nDate Issued:                 December 15, 2005\n\n\n\n\nAudit of NARA\xe2\x80\x99s Network Perimeter\nThe NARA OIG performed an audit of NARA\xe2\x80\x99s network perimeter 1 to determine\nwhether the controls surrounding the boundary of NARA\xe2\x80\x99s network (NARAnet) provide\nreasonable protection from external intruders.\n\nOur audit revealed that NARA\xe2\x80\x99s network perimeter security was not adequate and\nexposed the agency to significant information security risks. This condition existed\nbecause management has not adopted, incorporated, and enforced pertinent standards\npromulgated to reduce risk to an acceptable level. Numerous NIST Special Publications,\nhighlighted in the detailed findings, document the minimum requirements that should be\nconsidered, implemented, and tested concerning local and wide area network perimeter\nsecurity. When the network perimeter is not adequately protected, not only does the risk\nof intrusion increase, but the network is more vulnerable to nefarious individuals or\ngroups seeking to harm the network infrastructure.\n\nWe made eight recommendations to improve and secure NARA\xe2\x80\x99s network perimeter\nsecurity. Management concurred with all but one recommendation and promptly initiated\nmanagement action to address our recommendations.\n\n\n\n\n1A perimeter is the fortified boundary of the network that might include routers, firewalls, IDSs, VPN\ndevices,\n  software, DMZs, and screened subnets.\n\x0c'